Gaining access credentials is a way to keep access without installing malware, Mandiant said.
Attackers who penetrate company networks often pose as legitimate users for long periods of time, causing lengthy delays before victims figure out they've been hacked.
FireEye's Mandiant forensics service found that it took a median of 205 days for an organization to detect a compromise, down slightly from 229 days in 2013, according to its 2015 Threat Report.
The drop is nearly insignificant. "I don't think it's enough to make a claim that people are getting better at this," said Matt Hastings, a senior consultant with Mandiant who works on incident response.
full article